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Figure 1 . System Architecture and Process Overview 



Context 




Scheduler 



1. Scheduler Fires, delivers PTD to Routing Engine 

2 Routing Engine initiates Process Start to User. 

3. Messages User via Email. 

4. User clicks on link in Email. 

5 User is authenticated (login) with Routing Engine 

6. Routing Engine delivers PTD/PT to User. 

7 User interacts with PTD/PT & inputs data 

8. User commits User Input Data to Routing Engine. 

9. Routing Engine messages next user if not done 

10. Routing Engine monitors progress and performs 
escalation if necessary. 



Process Template Data (PTD) 
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Figure 4. Creation of Definitions Flow Chart 



Description and 
COSO associations 
and classifications 



Additional Risk 
associations if 
Control mitigates 
more than Parent 
Risk 




Link COSO Component (from 
LOV table in Figure 1) 



Link COSO Objective (from 
Context Data in Figure 1) 



Link Control Categories (from 
Context Data m Figure 1 ) 



Link Cbssif tcatinn (predefined by 
system) 



Link Impact (predefined by system) 



Much of me data in a completed 
Definition is used to configure, on the fly, 
a Process Template that is a routed to a 
user via a Business Process Engine This 
Process Template is essentially a mini- 
application that has both visual and 
programmatic elements inserted and 
configured based cn this Definition. This 
allows one Process Template to be used 
(configured) for any number of 
Definitions 





Link Risk (in addition to 
parent Risk) 


1 — ► 


Link more 





Days after end of period, 
negativ e numbers to start 
before end of period. 

Days after end of period, 
negative numbers to be 
due before end of period 




Used by Process 
Scheduler, Figure 4, to 
obtain user assignments_ 
from Business Unit ~ 
Context data for process 
alternation 



Figure 6. Scheduler Flow Chart 




LSR = Last date the process Scheduler was Run 



Set LSR to Cu it ran Date 




For Process Type 
(Control, Evaluation, Test) 
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For Frequency 

(daily, quarterly, etc ) 



For Matching Deftntions 
? (Type and Frequency) 



No match 



Start OfT-Set equal to 
Scheduler Date 



3 



match 



/ 



Check Definition Last Ran 
DLR date >= Scheduler Date 



This is a technique to deal 
with system failures that 
leaves any number of 
Definitions for a given 
time/day un-run and running 
those once the Process 
Scheduler is back on line and 
attempts to run the same 
day/time it partially 
completed because the LSR + 
1 step never happened 



For Business Unit 

linked to Definition 



Oct user assignments for 
Business Unit 



I 



Check Definition overrides 
for this assignment 



I 



1 Refer to Business Units 
| section at the bottom of 
| Figure 3. 



Send Actim for Process Start (or 
Route) to Routing Engkie 



Next Unit 



Next Definition 



Next Frequency 



Next Type 



Next Day Test 



Set Scheduler Date to 
LSR+ 1 day 
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Figure 9. Routing Engine Flow Chart 



Server Operations 



-Action (start process, 
escalate to new user, remind 
user, etc ) 

-Target User<s) for Action 
-Target Process Template 
-Data for Process Template 




Lookup Target User(s) in 
Directory Service 
-confirm user id 
obtain email address(s) 



Record or Update 
Transaction in Database 




Send Notification (email) 
to Target Use r(s) of 
Action with URL to 
Transaction 



User Operations 



User Login 

(Authentication) to Server 



T 



User clicks on URL (link) 
in Email body 



-URL to Transaction 
-Action 

-Target User(s) 
-Target Process 
-Process Data 
-Time stamp of Action 
-History of all routing and 
Actions for Transaction 




Serv er acknowledges 
request and provides 
requested Transaction 



Userreceh 
Template & 

Browser fa 


'es Process 
Data in Web 

Interaction. 
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its update to 
or Action 



Server updates Transaction 



;ure 1 0. Configuration and Initialization Flowchart 



Set system T ime of Day (TOD) S et 
system Fiscal Year End Date (FYED) 




Figure 11. 



Hierarchy Definition Flow Chart 



Create Definition Hierarchy for 
levels configured in the system 



I 



Create (name, number, description) 
a Accounting Process (AP) 



Link any Context 
Data 



Link more 



Create parallel A P 



Create (name, number, description) a 
Accounting Sub-Process (ASF) 



Link any Context 
Data 



Link mere 



Create parallel ASP 



Create (name, number, description) 
a Control Objective (CO) 



Link any Context 
Data 



Create parallel CO 



Create (name, number, description) 
a Risk (R) 



Link any Context 
Data 



Link mere I 



Create parallel R 



Create or link existing Deftntton 
(Internal Control, Evaluation or 
Test) 



Create or Link more 



Linking to an existing 
Internal Control 
Definition, for 
example, allows 2 or 
more Risks to share 
the same Control 



Figure 12. Compliance Rule User Selection Screen (input to Process Template) 



Select th£co^ 



C No Yes Enable Override 




(•} Manual (Ho rules applied) 



0 ActuaT vs. Estimated (With ERP Integration) 

- This calculation compares two data fields: ERP and F1 

; - Data field ERP is supplied by a back-end information system ■ ^ 
■■- Data field F1 Is manually entered by the process Performer 

- Data field F1 must be defined as type money -. 

* The calculated expression is: ABS((ERP~F1)/ERP) * 1 00. 

O Actual vs. estimated (No IERP integration) 

* This calculation compares two data fields F1 and F2 

. - Data fields F1 and F2 are manually entered by the process Performer : "• 

- Data fields F1 and F2 must be defined as type money 

- The calculated expression is: ABS((F1-F2)/F1) * 100 

O $ Values of Items (Wh El^ rntegratlbnj 

- This calculation compares ERP field and data fields F1 thru F1 0 
Data field ERP supplied by a back-end Information system -.; 

: - Data fields F1 thru F10 are manually entered by the process Performer 
Data field F1 must defined as type money 
-All fields of type money will be included in the calculation : : : ■ J 

: - The calculated expression is: ABS(((SUM(F1 :F1 0>ERPH 00)/ERP) 

Q- $ Values of Items (No ERP integration) : ■ 

- This calculation compares data field F1 and data fields F2 thru F10 

- Data fields F1 thru F1 0 are manually entered by the process Performer 

- Data fields F1 and F2 must be defined as type money 

; ~ All fields of type money will be included in the calculation • 
-The calculated expression is: ABS«(SUM(F2:F1 0)-Fi )*1 D0)/F1) ; 

: - Select a radio button above ' -/.\ 

Enter in the % thresholds for each Compliance impact Score for Low, Medium; arid High 
Select "Enable Override* 1 if you want to allow a process Performer to override the system score 

■ Score Percentage ,'V'"- ' ': ^'^■'.l^'-^l 

"**: Low. 



Medium 
High |0__ - | 

(^ow must be less than Medium and Medium must be less than High) 



Q Self-Assessment : :'\ : '"• '"*.-. • : -*: : 

-This calculation compares Yes or No responses from data fields F1 thruFIQ 

- Data fields F1 thru F1 0 are manually entered by the process Performer 

- The fields must be defined as type yes/no 

Enter In the thresholds of negative responses for each Compliance Impact Score for Low c Medium, and High 

- Select "Enable Override" rf you wantto allow a process Performer to override the system score - 



Negative Respons e 
"I,;;- ... (Low<=8) 



. Score 

• Low . 

Medium 
hTgh 

(Low must be less than Medium and Medium must be less than High) 



_J (Medium <=9) 



(High <= 10) 



